Lucene search
K

361 matches found

Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.28 views

SUSE-SA:2006:001: xpdf,kpdf,gpdf,kword

The remote host is missing the patch for the advisory SUSE-SA:2006:001 xpdf,kpdf,gpdf,kword. 'infamous41md', Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.31 views

Fedora Core 3 : tetex-2.0.2-21.7.FC3 (2006-029)

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624,...

10CVSS7.3AI score0.05566EPSS
Exploits5References5
Debian
Debian
added 2006/01/12 11:32 a.m.35 views

[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 937-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2006 http://www.debian.org/security/faq -...

10CVSS0.3AI score0.0614EPSS
Exploits5
Debian
Debian
added 2006/01/12 11:32 a.m.52 views

[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 937-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2006 http://www.debian.org/security/faq -...

10CVSS7.5AI score0.0614EPSS
Exploits5
OSV
OSV
added 2006/01/12 12:0 a.m.25 views

DSA-937-1 tetex-bin - buffer overflows

Bulletin has no description...

10CVSS6.3AI score0.0614EPSS
Exploits5
Ubuntu
Ubuntu
added 2006/01/09 5:26 p.m.63 views

USN-236-2: xpdf vulnerabilities in kword, kpdf

USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues. For reference, this is the original advisory: Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, a...

10CVSS7.3AI score0.05566EPSS
Exploits5
Cvelist
Cvelist
added 2006/01/06 10:0 p.m.38 views

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service infinite loop via streams that end prematurely, as demonstrated using the 1 CCITTFaxDecode and 2 DCTDecode streams, aka "Infinite CPU spins."...

6.1AI score0.03855EPSS
Exploits1References85
CVE
CVE
added 2006/01/06 10:0 p.m.99 views

CVE-2005-3625

CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...

10CVSS6.2AI score0.03855EPSS
Exploits1References85Affected Software11
CVE
CVE
added 2006/01/06 10:0 p.m.106 views

CVE-2005-3624

CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...

5CVSS6.3AI score0.02301EPSS
Exploits1References82Affected Software11
CVE
CVE
added 2006/01/06 10:0 p.m.96 views

CVE-2005-3627

CVE-2005-3627 is a vulnerability in Xpdf (Stream.cc) affecting multiple products using Xpdf code paths (e.g., gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor). The issue arises in DCTDecode stream handling: (1) an unchecked large number of components value in DCTStream::readBaselineSOF/...

7.5CVSS8.9AI score0.05566EPSS
Exploits2References86Affected Software1
Ubuntu
Ubuntu
added 2006/01/06 2:59 a.m.67 views

USN-236-1: xpdf vulnerabilities

Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that...

10CVSS7.3AI score0.05566EPSS
Exploits5
NVD
NVD
added 2005/12/31 5:0 a.m.25 views

CVE-2005-3627

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

7.5CVSS7.1AI score0.05566EPSS
Exploits2References86
NVD
NVD
added 2005/12/31 5:0 a.m.15 views

CVE-2005-3628

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors...

7.5CVSS7.3AI score0.04197EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2005/12/08 1:3 a.m.27 views

CVE-2005-3192

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

7.5CVSS6.6AI score0.0614EPSS
Exploits0References2
NVD
NVD
added 2005/12/08 1:3 a.m.21 views

CVE-2005-3192

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

7.5CVSS7.8AI score0.0614EPSS
Exploits0References112
Tenable Nessus
Tenable Nessus
added 2005/12/08 12:0 a.m.35 views

Fedora Core 4 : tetex-3.0-7.FC4 (2005-1126)

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by this bug.The...

7.5CVSS6AI score0.0614EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/12/08 12:0 a.m.32 views

Fedora Core 3 : tetex-2.0.2-21.5 (2005-1127)

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by this bug.The...

7.5CVSS6AI score0.0614EPSS
Exploits0References4
OSV
OSV
added 2005/12/07 12:3 a.m.3 views

DEBIAN-CVE-2005-3193

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code JPXStream.c for xpdf 3.01 and earlier, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, 4 CUPS, and 5 libextractor allows user-assisted attackers to cause a denial of service heap...

5.1CVSS7.8AI score0.04082EPSS
Exploits0References1
NVD
NVD
added 2005/05/02 4:0 a.m.22 views

CVE-2005-1065

tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory...

2.1CVSS6.3AI score0.00379EPSS
Exploits0References2
CVE
CVE
added 2005/04/12 4:0 a.m.54 views

CVE-2005-1065

The vulnerability CVE-2005-1065 affects tetex in Novell Linux Desktop 9. An attacker with local access can determine the existence of arbitrary files via a symlink attack in /var/cache/fonts, enabling partial confidentiality impact without authentication. The common root cause is a symlink handli...

2.1CVSS6.7AI score0.00379EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder